Voice activated authentication

ABSTRACT

Systems and methods provide voice activated authentication over time. A user can be registered with a voice authentication system based on a voiceprint profile of common words. This user voiceprint profile can be used in an ongoing secondary authentication as a hands-free head-mounted wearable device is used over time. Upon a user logging into a hands-free head-mounted wearable device voiceprints can be collected during a session. These collected voiceprints can be compared with a user voiceprint profile for a user authorized to operate the hands-free head-mounted wearable device. Such a comparison can include an analysis of frequency, duration, and amplitude for the voiceprints. When the voiceprints match, the login of the user can be maintained based on this secondary authentication using the voiceprints matched to the user voiceprint profile.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims the benefit of U.S. provisional application62/696,731, filed Jul. 11, 2018, entitled “Voice ActivatedAuthentication”, the entire contents of which are incorporated herein byreference as though fully set forth herein.

BACKGROUND

Oftentimes, it is desirable for user devices to be password protectedsuch that a user must log into the device before the device can be usedor data accessed using the device. Conventional authenticationtechniques for user devices include using a fingerprint, PIN, gestures,and/or face detection. However, such authentication techniques do noteasily translate for use in authenticating wearable computing devices,such as a head-mounted wearable device. Head-mounted wearable devicescan be configured for hands-free use, employing features based ondetected voice command. Authenticating a head-mounted device using a PINis problematic when the device is configured for hands-free use becausesaying a PIN out loud is not secure sign-in technique. Techniques havebeen developed in an attempt to overcome this deficiency. For instance,a display can be presented to a user indicating words assigned tonumbers such that the user logs in using the words matched up with thenumbers of their PIN. Another technique uses an enrolled voice printwhere a prompted phrase spoken by a user is matched with the user'senrolled profile. However, such authentication systems still results inthe issue that once a user logs into the hands-free head-mounted device,the device remains logged in unless the user commands the device to signout. As such, after the initial user authentication, the head-mounteddevice is essentially an open device allowing individuals other than thelogged-in user to utilize the device.

SUMMARY

Embodiments of the present disclosure are directed towards techniquesthat allows a user to log into a hands-free head-mounted device usingvoice activated authentication such that the device remains secure overtime. In particular, embodiments of the present invention are generallydirected toward systems, methods, and computer storage media forproviding improved login that allows a user to log into a head-mounteddevice using an initial voice activated authentication where security ismaintained over time using secondary authentication and other safeguardsto ensure authorized access and user of the device.

A voice authentication system can utilize an initial authenticationprocess to allow a user to gain access to the functionality of ahands-free head-mounted wearable device. Secondary authentication can beused to maintain security of the device as it is used over a timeperiod. An authorized user can be registered with such a system bygenerating a user voiceprint profile comprised of voiceprints for verycommon words, or common words (e.g., words/phrases a user of the deviceoften speaks when using a device). This user voiceprint profile can becompared with voiceprints collected during a session using thehands-free head-mounted wearable device. The comparison can be based onmatching frequency, duration, and amplitude of the collected voiceprintsand the voiceprints in the user profile. As voiceprints are often uniqueto an individual based on how the individual utters a particularword/phrase, the comparison ensures that an authorized user is still theindividual using the hands-free head-mounted wearable device. If thevoiceprints do not match, the user can be logged out of the device.Further, the voice authentication system can utilize additional securitypolicies to ensure the protection of a hands-free head-mounted wearabledevice.

This summary is provided to introduce a selection of concepts in asimplified form that are further described below in the DetailedDescription. This summary is not intended to identify key features oressential features of the claimed subject matter, nor is it intended tobe used as an aid in determining the scope of the claimed subjectmatter.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention is described in detail below with reference to theattached drawing figures, wherein:

FIG. 1 is a block diagram illustrating an exemplary operatingenvironment 100 in which some embodiments of the present disclosure maybe employed;

FIG. 2 is a block diagram illustrating an illustrating an exemplaryembodiment of hands-free interaction system, in accordance with someimplementations of the present disclosure;

FIG. 3 is an illustration of an exemplary head-mounted display device,in accordance with some implementations of the present disclosure;

FIG. 4 is an illustration of an exemplary voice activated authenticationenvironment for a hands-free head-mounted wearable device, in accordancewith some implementations of the present disclosure;

FIG. 5 depicts a process flow showing an embodiments of a method forregistering a user with a voice authentication system, in accordancewith embodiments of the present disclosure;

FIG. 6 depicts a process flow showing an embodiments of a method forauthenticating a user using a voice authentication system, in accordancewith embodiments of the present disclosure; and

FIG. 7 is a block diagram of an exemplary computing environment suitablefor use in accordance with some implementations of the presentdisclosure.

DETAILED DESCRIPTION

The subject matter of the present disclosure is described withspecificity herein to meet statutory requirements. However, thedescription itself is not intended to limit the scope of this patent.Rather, the inventors have contemplated that the claimed subject mattermight also be embodied in other ways, to include different steps orcombinations of steps similar to the ones described in this document, inconjunction with other present or future technologies. Moreover,although the terms “step” and/or “block” may be used herein to connotedifferent elements of methods employed, the terms should not beinterpreted as implying any particular order among or between varioussteps herein disclosed unless and except when the order of individualsteps is explicitly described.

Various mobile devices or wearable computing devices have limitationswith respect the security of logging in when using a hands-free mode.More specifically, using conventional authentication techniques such asusing a fingerprint, PIN, gestures, and/or face detection do not easilytranslate for use in authenticating wearable computing devices, such asa head-mounted wearable device. For instance, authenticating ahead-mounted device using a PIN is problematic because saying a PIN outloud is not secure sign-in technique. As such, a voice authenticationsystem can utilize an initial authentication process to allow a user togain access to the functionality of a hands-free head-mounted wearabledevice and a secondary authentication to maintain security of the deviceover a time as the device is used. An authorized user can be registeredwith such a system by generating a user voiceprint profile comprised ofvoiceprints for very common words, or common words (e.g., words/phrasesa user of the device typically speaks when using a device). This uservoiceprint profile can be compared with voiceprints collected during asession using the hands-free head-mounted wearable device. Thecomparison can be based on matching frequency, duration, and amplitudeof the collected voiceprints and the voiceprints in the user profile. Asvoiceprints are often unique to an individual based on how theindividual utters a particular word/phrase, the comparison ensures thatan authorized user is still the individual using the hands-freehead-mounted wearable device. If the voiceprints do not match, the usercan be logged out of the device. Further, the voice authenticationsystem can utilize additional security policies to ensure the protectionof a hands-free head-mounted wearable device

Turning now to FIG. 1, a block diagram is provided showing an exampleoperating environment 100 in which some embodiments of the presentdisclosure may be employed. It should be understood that this and otherarrangements described herein are set forth only as examples. Otherarrangements and elements (e.g., machines, interfaces, functions,orders, and groupings of functions, etc.) can be used in addition to orinstead of those shown, and some elements may be omitted altogether forthe sake of clarity. Further, many of the elements described herein arefunctional entities that may be implemented as discrete or distributedcomponents or in conjunction with other components, and in any suitablecombination and location. Various functions described herein as beingperformed by one or more entities may be carried out by hardware,firmware, and/or software. For instance, some functions may be carriedout by a processor executing instructions stored in memory.

Among other components not shown, example operating environment 100includes a number of user devices, such as user devices 102 a-102 n; anumber of data sources, such as data sources 104 a and 104 b through 104n; server 106; sensors 103 a-103 n, and network 110. It should beunderstood that environment 100 shown in FIG. 1 is an example of onesuitable operating environment. Each of the components shown in FIG. 1may be implemented via any type of computing device, such as computingdevice 700, described in connection to FIG. 7, for example. Thesecomponents may communicate with each other via network 110, which mayinclude, without limitation, one or more local area networks (LANs)and/or wide area networks (WANs). In exemplary implementations, network110 comprises the Internet and/or a cellular network, amongst any of avariety of possible public and/or private networks.

It should be understood that any number of user devices, servers, anddata sources may be employed within operating environment 100 within thescope of the present disclosure. Each may comprise a single device ormultiple devices cooperating in a distributed environment. For instance,server 106 maybe provided via multiple devices arranged in a distributedenvironment that collectively provide the functionality describedherein. Additionally, other components not shown may also be includedwithin the distributed environment.

User devices 102 a-102 n may comprise any type of computing devicecapable of use by a user. For example, in one embodiment, user devices102 a-102 n may be the type of computing device described in relation toFIG. 7 herein. By way of example and not limitation, a user device maybe embodied as a personal computer (PC), a laptop computer, a mobile ormobile device, a smartphone, a tablet computer, a smart watch, awearable computer, a personal digital assistant (PDA), an MP3 player,global positioning system (GPS) or device, video player, handheldcommunications device, gaming device or system, entertainment system,vehicle computer system, embedded system controller, a camera, remotecontrol, a bar code scanner, a computerized measuring device, appliance,consumer electronic device, a workstation, a head-mounted computingdevice, or any combination of these delineated devices, or any othersuitable device.

User devices 102 a-102 n can be client devices on the client-side ofoperating environment 100, while server 106 can be on the server-side ofoperating environment 100. Server 106 can comprise server-side softwaredesigned to work in conjunction with client-side software on userdevices 102 a-102 n so as to implement any combination of the featuresand functionalities discussed in the present disclosure. This divisionof operating environment 100 is provided to illustrate one example of asuitable environment, and there is no requirement for eachimplementation that any combination of server 106 and user devices 102a-102 n remain as separate entities.

Data sources 104 a and 104 b through 104 n may comprise data sourcesand/or data systems, which are configured to make data available to anyof the various constituents of operating environment 100, or hands-freeinteraction system 200 described in connection to FIG. 2. For instance,in one embodiment, one or more data sources 104 a through 104 n provide(or make available for accessing) storage 270 of FIG. 2. Data sources104 a and 104 b through 104 n may be discrete from user devices 102a-102 n and server 106 or may be incorporated and/or integratedtherewith. In one embodiment, one or more of data sources 104 a though104 n comprises one or more sensors, which may be integrated into orassociated with one or more of the user devices 102 a-102 n or server106. Operating environment 100 can be utilized to implement one or moreof the components of hands-free interaction system 200, described inFIGS. 2 and 3, including components for motion processing, soundprocessing, and data storage such as keyword custom libraries, userdata, and context specific data.

Turning now to FIG. 2, a block diagram is provided illustrating anexemplary embodiment of hands-free interaction system 200 in which someembodiments of the present disclosure may be employed. Hands-freeinteraction system 200 generally operates to facilitate hands-freeinteraction with applications and features of a touch-based operatingsystem 202. It should be understood that the hands-free interactionsystem 200 shown in FIG. 2 is an example of one system in whichembodiments of the present disclosure may be employed. Each componentshown may include one or more computing devices similar to the operatingenvironment 100 described with reference to FIG. 1. The hands-freeinteraction system 200 should not be interpreted as having anydependency or requirement related to any single module/component orcombination of modules/components illustrated therein. For instance,hands-free interaction system 200 may comprise multiple devices arrangedin a distributed environment that collectively provide the functionalitydescribed herein. It should be understood that the hands-freeinteraction system 200 and/or its various components may be locatedanywhere in accordance with various embodiments of the presentdisclosure.

Head-mounted computing device 220 (described in more detail withreference to FIG. 3) generally facilitates hands-free interaction with atouch-based user interface 206 of a touch-based operating system 202.The head-mounted computing device 220 may comprise a variety of headsetdevice input and output components, such as motion and audio sensors,displays, and input controls, among others. Additionally, thehead-mounted computing device 220 may include computer-usableinstructions stored on computer storage media, such as storage 270.Accordingly, the head-mounted computing device 220 may be configured toexecute computing processes that may be performed using any combinationof hardware, firmware, and/or software. For instance, various functionsmay be carried out by a processor (e.g., headset processor 280)executing instructions stored in memory. The methods may be provided bya standalone application, a service or hosted service (standalone or incombination with another hosted service), or a plug-in to anotherproduct, to name a few.

The functions and processes performed by the hands-free interactionsystem 200 may be associated with applications, services, or routines(such as headset applications 276). In particular, such applications,services, or routines may operate on the head-mounted computing device220, or may be distributed across multiple devices. For example, thefunctions and processes described herein may execute on a touch-baseduser device (such as user device 102 a), servers (such as server 106),or be implemented in the cloud. Moreover, in some embodiments thecomponents of hands-free interaction system 200 may be distributedacross the network 110. Additionally, these components, functionsperformed by these components, or services carried out by thesecomponents, may be implemented at appropriate abstraction layer(s), suchas the operating system layer, application layer, hardware layer, etc.,of the computing system(s). Alternatively, or in addition, thefunctionality of these components and/or the embodiments of theinvention described herein can be performed, at least in part, by one ormore hardware logic components. For example, and without limitation,illustrative types of hardware logic components that can be used includeField-programmable Gate Arrays (FPGAs), Application-specific IntegratedCircuits (ASICs), Application-specific Standard Products (ASSPs),System-on-a-chip systems (SOCs), Complex Programmable Logic Devices(CPLDs), etc. Additionally, although functionality is described hereinwith regard to specific components shown in example hands-freeinteraction system 200, it is contemplated that in some embodimentsfunctionality of these components can be shared or distributed acrossother components.

Accordingly, head-mounted computing device 220, may include one or moreheadset processors 280 that execute instructions (which may be stored byheadset applications 276) for providing a hand-free interaction mode.The hands-free interaction mode may facilitate interaction withprograms, applications, and features of the touch-based operating system202 via the head-mounted computing device 220. In one aspect, theheadset applications 276 include instructions for facilitatinghands-free interaction with existing binary applications (such asapplications 208), that operate in touch-based operating system 202. Forexample, the hands-free interaction system 200 may be configured for usewith any number of applications, via native or existing binaries, suchas applications available from the Playstore, Appstore, and any othersource of touch-based applications. Further, a headset engine 210 mayinterrogate applications 208 running on the touch-based operating system202 to determine screen components/features, such as such inputcontrols, form elements, and navigation commands, among others, includedin a touch-based user interface 206. For instance, the headset engine210 may analyze the user interface layer of the touch-based operatingsystem 202 to determine when various screen components/features arebeing provided for display. In this way, as a touch-based application isbeing executed, various displayed UI components of the application canbe determined. The screen components/features may then be extracted oridentified, and provided to the other components of hands-freeinteraction system 200 for processing, as will be described. As aresult, virtually any application that is operable with touch-basedoperating system 202 may be enabled for hands-free interaction, atruntime. Additionally, the hands-free interaction system 200 may includeXML files for applications that are not compatible with standardhands-free interaction mode instructions. The XML, files may overridethe standard hands-free interaction mode instructions, and providecustomized instructions. Additionally, the XML files may be merged withexisting binaries of the applications 208 at runtime so that theexisting binaries do not need to be modified.

Further, the head-mounted computing device 220 may include variousheadset device I/O 222, components, which may, for example, sense ordetect hands-free inputs received via head-mounted computing device 220.The received inputs may be processed, for example, by hands-free inputdeterminer 240, to generate one or more hands-free commands. Further,the hands-free interaction system 200 may be configured to determineand/or generate commands associated with received hands-free inputs. Thegenerated hands-free commands may be communicated (for example, by acommunication component 232) to the touch-based operating system 202 forexecution. The determined commands may programmatically instruct thetouch-based operating system 202 to execute the commands, as if it wereexecuting corresponding touch-based inputs.

Headset engine 210 is generally responsible for facilitatingcommunication between touch-based operating system 202, touch-based userinterface 206, motion processing system 242, sound processing system250, interface analyzer 212, storage 270, headset device input/output(I/O) 222, and their respective subcomponents. In some aspects, headsetengine 210 initializes the hands-free interaction mode in response toreceiving a signal from headset device I/O 222. For example, physicalinput control(s) 238 (such as a button, switch, or the like) may receiveinput that initializes the hands-free interaction mode. In some aspects,headset engine 210 also initializes the analysis of the touch-based userinterface 206 and/or touch-based operating system 202, such thattouch-based scrolling features and touch-based control dialoguesdetermined. In some aspects, headset engine 210 receives motion data(e.g., from sensors 226 a-226 n) and transmits the informationhands-free input determiner 240. In some aspects, headset engine 210receives audio input 224 from headset device I/O 222 and transmits theinformation to hands-free input determiner 240.

Touch-based user interface 206 generally facilitates user interactionwith the touch-based operating system 202 in the hands-free interactionsystem 200. In some aspects, the touch-based user interface 206 maycomprise touch-based scrolling features (such as “swipe” features,horizontal scroll bars, vertical scroll bars, and the like). In someaspects, the touch-based user interface 206 comprise touch-based controldialogues (such as text boxes or fields, check boxes, application icons,document tools, radio buttons, and the like, for example).

In aspects, storage 270 may include a keyword custom library 272. Thekeyword custom library 272 may comprise a database containing keywordcue to touch-based control dialogue associations. In aspects, storage270 may also comprise user specific settings, preferences, thresholds,permissions, or any data associated with an individual or group ofindividuals. In aspects, storage 270 may headset applications 276.Storage 270 may be communicatively coupled with the any of thecomponents and subcomponents of hands-free interaction system 200.

Audio input 224 generally refers to components for capturing audio, suchas microphones and the like (e.g. directional and omnidirectionalmicrophones). In embodiments, audio input 224 may comprise multiplemicrophones located at various points of head-mounted computing device220 configured such that ambient noise may be captured and ultimatelyused to aid in processing and analysis of user audio inputs. It will beunderstood that audio input 224 may be any sensor or system of sensorscapable of perceiving audio input and converting audio input into anaudio feed without departing from the scope of this disclosure. Audiooutput 230 generally facilitates sound output to the user. It will beunderstood that any audio output component or components capable ofproducing sound in response to electrical input (such as a speaker) maybe used in embodiments without departing from the scope of thisdisclosure. In embodiments, audio output 230 may be configured tocommunicate with at least headset device I/O 222. Communicationcomponent 232 generally facilitates communication between thehead-mounted computing device 220 and other devices through any suitablecommunication protocol. In embodiments, communication component maycomprise a wireless communication system discussed above or below withreference to FIG. 7.

Display 234 generally facilitates a visual presentation of data to theuser. It will be understood that any display may be used in variousembodiments without departing from the scope of this disclosure. Sensors226 a-226 n may include cameras, microphones, GPS, RFID sensors,infrared sensors, light sensors, magnetometers, gyroscopes, capacitivetransducers, potentiometers, resistive transducers, synchros,accelerometers, and micro-gyroscopes, among others. Such sensors can beused to monitor user interaction with the display.

FIG. 3 shows an exemplary embodiment of a hands-free head-mountedwearable device 320, in accordance with some implementations of thepresent disclosure. Hands-free head-mounted wearable device 320 is awearable device and may include similar features to that of computingdevice 700 of FIG. 7. Hands-free head-mounted wearable device 320 mayalso be similar to head-mounted wearable device 220 of FIG. 2.Hands-free head-mounted wearable device 320 includes a frame member 322.Frame member 322 may be a frame structure. As shown in FIG. 3, framemember 322 is configured and arranged for wearing by a user. Forinstance, frame member 322 may be worn about the user's head. Hands-freehead-mounted wearable device 320 may additionally include one or morestabilizing members 324 (or stabilizing structures) that stabilize theframe member 322 about the user's head.

Hands-free head-mounted wearable device 320 may include one or morerotating members, such as but not limited to first rotating member 326and second rotating member 328. At least one rotating members 326 or 328is rotatably coupled to frame member 322, i.e. at least one of rotatingmembers 326 or 328 is coupled to frame member and configured andarranged for rotating relative to frame member 322. In at least oneembodiment, first rotating member 326 may be a boom arm that is coupledto a display module 330. Display module 330 houses a display device (notshown in FIG. 3) that is directed towards the eyes of the users. Asshown in FIG. 3, the display device is within the user's line-of-sight(LOS). A user may re-position the display device, via a rotation of oneor more of rotating members 326/328, such the display device is excludedfrom the user's LOS. Note that in the view of hands-free head-mountedwearable device 320 shown in FIG. 3, the display device is occluded byexternal surfaces display module 330.

Hands-free head-mounted wearable device 320 includes variouselectroacoustic transducers (e.g. microphones and audio speakers). Onesuch electro acoustic transducer 332 is located near a distal end ofrotating member 326. Electroacoustic transducer 332 may be a primarymicrophone. In various embodiments, hands-free head-mounted wearabledevice 320 includes one or other electroacoustic transducers, includingbut not limited to one or more auxiliary microphones 334 and one or moreaudio speakers, such as but not limited to audio speaker 336.

Hands-free head-mounted wearable device 320 may include an opticalmodule 340 that houses one or more photon-detectors (e.g. cameradevices), such as photon-detector 342 and a projection system 344.Projection system 344 may include one or more photon-emitters (e.g.scanning lasers, scanning light emitting diodes (LED), and the like).Optical module 340 may be configured and arranged to rotate relative toframe member 322, such that the field-of-view (FOV) of thephoton-detector 342 may be rotationally varied. In at least somerotational orientations of optical module 340, the FOV ofphoton-detector 342 is at least similar to the FOV of the user.

In accordance with the some of the described embodiments, with briefreference back to FIG. 3, the hands-free head-mounted wearable 320includes a primary microphone 332 that can be employed to receive audiodata from the user, among other things. While it is contemplated thatany one or more microphones, disclosed or not described, can be employedto receive audio data from the user, by the computing device inaccordance with the described embodiments, the primary microphone 332 isutilized herein for descriptive purposes, and as an exemplary inputdevice (e.g., microphone) for the reception of audio signals from theuser, and to the audio input resource (e.g., audio input component).Also, while not depicted by the illustrated embodiments, the audio inputcomponent can include any hardware component that receives audio inputsignals from a coupled audio input device (e.g., a microphone or audiosource). For instance, an audio input component can include any audioinput interface, such as an audio card having any number of audio inputs(e.g., auxiliary jacks, USB jacks, optical inputs, wireless inputs), awireless audio card (e.g., Bluetooth, Wi-Fi), or an integrated audiocontroller (e.g., integrated into a CPU or motherboard). Also inaccordance with the described embodiments, the microphone is coupled(e.g., directly or wirelessly) to the audio input component, such thatthe microphone can receive raw audio signals, which are communicated tothe audio input component, where they are processed and encoded intoaudio data.

Referring to FIG. 4, aspects of an illustrative voice activatedauthentication environment 400 for a hands-free head-mounted wearabledevice are shown, in accordance with various embodiments of the presentdisclosure. As depicted in FIG. 4, voice authentication system 404includes registration engine 406 and authentication engine 412. Theforegoing engines of voice authentication system 404 can be implemented,for example, in operating environment 100 of FIG. 1 and/or operatingenvironment 200 of FIG. 2. In particular, those engines may beintegrated into any suitable combination of user devices 102 a and 102 bthrough 102 n and server(s) 106 of FIG. 1. While the various engines aredepicted as separate engines, it should be appreciated that a singleengine can perform the functionality of all engines. Additionally, inimplementations, the functionality of the engines can be performed usingadditional engines and/or components. Further, it should be appreciatedthat the functionality of the engines can be provided by a systemseparate from the voice authentication system.

As shown, a voice authentication system can operate in conjunction withdata store 402. Data store 402 can store computer instructions (e.g.,software program instructions, routines, or services), data, and/ormodels used in embodiments described herein. In some implementations,data store 402 can store information or data received via the variousengines and/or components of voice authentication system 404 and providethe engines and/or components with access to that information or data,as needed. Although depicted as a single component, data store 402 maybe embodied as one or more data stores. Further, the information in datastore 402 may be distributed in any suitable manner across one or moredata stores for storage (which may be hosted externally). Inembodiments, such data can be input into data store 402 from a remotedevice, such as from a server or another user device.

In embodiments, data stored in data store 402 can include logininformation for a user(s), voice profile(s) of an authorized deviceuser(s), headset security policies, etc. Login information can generallyinclude a PIN, password, and/or passcode for registered device users.Voiceprint profiles can generally be defined as recorded words and/orphrased with a particular frequency, duration, and amplitude. Suchvoiceprints can be unique to an individual based on how the individualutters a particular word/phrase. A voice profile of an authorized deviceuser can include voiceprints for very common words or common words(e.g., words/phrases a user of the device often speaks when using adevice). Headset security policies can also be stored including securitymeasures for a hands-free head-mounted wearable device that createanother layer of security beyond initial or secondary voiceauthentication. In some cases, data can be received by voiceauthentication system 404 from one or more user devices (e.g., ahands-free head-mounted wearable device). In other cases, data can bereceived from one or more data stores in the cloud.

A voice authentication system can generally be used for authenticating auser of a headset. Specifically, voice authentication system 404 canutilize an initial sign-in process as well as a secondary authenticationthat maintains security of a headset. Further, the voice authenticationsystem can utilize additional security policies to ensure the protectionof a hands-free head-mounted wearable device. In this way, the voiceauthentication system can allow an authorized user to log into a deviceusing some form of authentication. As the user continues to use thedevice, the authentication can be maintained using an ongoing secondaryauthentication to verify the user of the device matches an authorizeduser (e.g., based on matching voiceprint profiles). Such a voiceauthentication system can have further security measures. One suchsecurity measure can be that of the hands-free head-mounted wearabledevice is detected to not be on the body of a user, the device is loggedout and/or the device is locked. Another security measure can be that auser's authorized voiceprint profile used to log the user into thehands-free head-mounted wearable device can expire after a predefinednumber of sign-ins if the device fails to connect to a cloud implementeddevice check-in. In this way, this security feature results in a hybridlocal and cloud-based voice authentication system.

Registration engine 406 can be used to register an authorized user intoa voice authentication system by generating a user voiceprint profile.As depicted in FIG. 4, registration engine 406 can utilize listeningcomponent 408 and analysis component 410 to generate the user voiceprintprofile during registration of the user. While the various componentsare depicted as separate components, it should be appreciated that asingle component can perform the functionality of all components.Additionally, in implementations, the functionality of the componentscan be performed using additional components and/or engines. Further, itshould be appreciated that the functionality of the components can beprovided by a system separate from the facial recognition system.

Listening component 408 can be used to collect voiceprints of a userduring use of a hands-free head-mounted wearable device. To generate avoiceprint profile, the headset can listen to a user interacting withthe device. In listening, voiceprints from a user can be collected. Avoiceprint can generally refer to an analysis of a recording of a user'sspeech with respect to frequency, duration, and amplitude. A voiceprintcan further be based on very common words for a user (e.g.,words/phrases often uttered by the user).

Such collection can occur during a single session and/or over time. Forinstance, a user can undergo registration during an initial use of theheadset. In other embodiments, a user can undergo registration overmultiple uses of the headset to obtain a more personalized voiceprintprofile. Collected voiceprints can include a recording of an entire usersession with the device. Alternatively, or in addition, collectedvoiceprints can be random samplings from a user session(s).

Analysis component 410 can be used to analyze collected voiceprints(e.g., voiceprints collected using listening component 408) to generatea user voiceprint profile that can be used to register the user in avoice authentication system. Such a user voiceprint profile can be basedon very common words for a user. Very common words can generally bedefined as often used words and/or phrases by a particular user. Forinstance, a first user's very common words can include “job order” and“open documents,” whereas a second user's very common words can include“navigate back” and “navigate home.” A user's very common words can bedetermined by analyzing collected voiceprints for a user and selecting apredetermined number of very common words to use as a profile for theuser (e.g., top 10 most uttered words/phrases). In embodiments, a uservoiceprint profile can be dynamically updated over time such that thevery common words are constantly tailored to a particular user. Suchdynamic updating can occur over at determined time instances such thatthe user voiceprint profile can be up-to-date as a user's work and/oruse of the hands-free head-mounted wearable device changes over time.

Upon generating a user voiceprint profile based on very common words,the profile can be stored in an authentication database. Such a databasecan be stored, for example, in data store 402. In some embodiments, avoiceprint profile can be designated for a particular hands-freehead-mounted wearable device. Alternatively, a voiceprint profile can bedesignated for a particular user, allowing the user to log into anyauthorized hands-free head-mounted wearable device. This voiceprintprofile can be stored locally on a hands-free head-mounted wearabledevice and/or on a server in the cloud.

As depicted in FIG. 4, authentication engine 412 can utilize sign-incomponent 414, maintenance component 416, and security component 418 toauthenticate a user to allow user of a hands-free head-mounted wearabledevice. While the various components are depicted as separatecomponents, it should be appreciated that a single component can performthe functionality of all components. Additionally, in implementations,the functionality of the components can be performed using additionalcomponents and/or engines. Further, it should be appreciated that thefunctionality of the components can be provided by a system separatefrom the facial recognition system.

Once a user is registered in the voice authentication system, the userwill be able to log into the device. Authentication engine 412 can beused to perform an initial sign into a device, maintain the login of auser for the device, and utilize additional security features to ensureprotection of the device over time.

Sign-in component 414 can be used to initially authenticate a userduring sign-in. It should be appreciated that any login technique can beused for a user to sign into a hands-free head-mounted wearable device.For instance, a display of the hands-free head-mounted wearable devicecan be presented to a user with words assigned to numbers. The user isable to use the word associations such that the user can log into thedevice in using words matched up with the numbers of their PIN. Anothertechnique allows a user to speak a prompted phrase that is then matchedwith the user's enrolled profile. For instance, a user can be promptedto speak their full name and then the sound, cadence, etc. of the spokenname can be compared with the user's stored name profile.

Maintenance component 408 can be used to perform ongoing secondaryauthentication of a user logged into a hands-free head-mounted wearabledevice. Secondary authentication can take place at designated timeintervals during use of a device (e.g., every 15 minutes, every hour,every three hours, etc.). Advantageously, secondary authenticationensures that as a hands-free head-mounted wearable device is used forextended periods of time, the individual using the device is the sameuser that performed the initial authentication. Alternatively, thesecondary authentication can ensure that if a new individual is usingthe device, the new individual is also authorized to use the device.

Secondary authentication can collect voiceprints of a user of ahands-free head-mounted wearable device. These collected voiceprints canbe random samplings taken during use of the device. The collectedvoiceprints can be compared with one or more registered user voiceprintprofiles (e.g., stored in data store 402). Specifically, the comparisonbetween the collected voiceprints and the registered user voiceprintprofiles can focus on very common words in the user voiceprint profiles.In this way, the maintenance component can perform a secondaryauthentication, allowing a user to continue using a device, when thephrases being uttered by the user match a registered user voiceprintprofile. For instance, when a user's very common words in the registereduser voiceprint profile include “job order”, “gotta get going”, “opendocuments”, “navigate back”, and “navigate home” and the user of thedevice continues to use these phrases, the maintenance component canallow the secondary authentication.

Security component 418 can be used to implement additional securitymeasures for a hands-free head-mounted wearable device. Advantageously,adding such security measures creates another layer of security beyondvoice authentication. Such security measures can be executed usingpolicies that can be adjusted based on needs. For instance, securitymeasures in one working environment can differ from another workingenvironment which can differ from a home environment or publicenvironment.

One security measure can be that if the hands-free head-mounted wearabledevice is detected to not be on the body of a user, the device canlogged out and/or the device is locked. This detection can be determinedusing sensors of the device such that if the device remains still for anamount of time, a determination is made that the device is not on thebody of a user. Upon logging out and/or locking the device, a user canbe required to perform a new initial authentication using, for example,sign-in component 414.

Another security measure can be that access using a user's voiceprintprofile can expire after a certain number of sign-ins to the hands-freehead-mounted wearable device. Specifically, a policy can be set that ifa device fails to connect to a cloud implemented device check-in, a usercan be prevented from authenticating the device until the device isconnected to the check-in. Such a policy is advantageous becauserequiring devices to connect to a cloud-based check-in ensures thatdevices can be easily tracked. In this way, if a disgruntled employee“loses” a device and cannot “find it,” the device can be renderedunusable and/or can be found when connecting to the check-in. Usingauthentication and such a check-in results in a hybrid local andcloud-based voice authentication system.

With reference to FIG. 5, a process flow is provided showing anembodiment of method 500 for registering a user with a voiceauthentication system, in accordance with embodiments of the presentdisclosure. The method 500 may be performed at least in part, forinstance, by the voice authentication system 404 of FIG. 4. Each blockor step of method 500 and other methods described herein can comprise acomputing process that may be performed using any combination ofhardware, firmware, and/or software. For instance, various functions maybe carried out by a processor executing instructions stored in memory.The methods may also be embodied as computer-usable instructions storedon computer storage media. The methods may be provided by a stand-aloneapplication, a service or hosted service (stand-alone or in combinationwith another hosted service), or a plug-in to another product, to name afew.

At block 502, a request to generate a new user voiceprint profile toregister a user with a voice authentication system can be received. Sucha request can be received by a voice authentication system operatingsolely on hands-free head-mounted wearable device. In other embodiments,such a request can be received by a voice authentication systemoperating in conjunction with a remote server (e.g., via the cloud).Such a user voiceprint profile can be based on a user's very commonwords. Very common words can generally be defined as words and/orphrases often uttered by a particular user. Voiceprint profiles of thesevery common words can be collected and stored. When performing ongoingsecondary authentication, very common words spoken by the user of adevice can be compared with a registered user voiceprint profile todetermine whether the user of the device is the same user that initiallylogged into the device (e.g., by comparing frequency, duration, andamplitude). In further embodiments, the very common words spoken by theuser of the device can be compared with one or more registered uservoiceprint profiles for users authorized to utilize the device.

At block 504, words spoken by a user can be collected and stored. Togenerate a voiceprint profile, the headset can listen to a userinteracting with the device. In listening, voice prints from a user canbe collected. Such collection can occur during a single initial sessionand/or over time. For instance, a user can undergo registration duringan initial use of the headset. In other embodiments, registration can beover several session to obtain a more personalized voiceprint profile.For instance, registration can continue until a certain amount ofrecording (e.g., five hours) has been collected. Collected voiceprintscan include a recording of an entire user session with the device.Alternatively, or in addition, collected voiceprints can be randomsamplings from a user session(s).

At block 506, common words can be determined for a user. Very commonwords, or common words, can generally be defined as often used wordsand/or phrases by a particular user. Such words and/or phrases canrelate to operation commands (e.g., keyword cues to touch-based controldialogue associations for controlling the hands-free head-mountedwearable device stored in keyword custom library 272) and/or any wordsand/or phrases a user says while wearing the device. In an embodiment, auser's very common words can be determined by analyzing collectedvoiceprints for a user and selecting a predetermined number of verycommon words to use as a profile for the user (e.g., top 10 most utteredwords/phrases). For instance, a first user's very common words caninclude “job order” and “open documents,” whereas a second user's verycommon words can include “navigate back” and “navigate home.”

At block 508, upon determining very common words for a user, the verycommon words can be used to generate a user voiceprint profile that canbe stored for the user. In some embodiments, a voiceprint profile can bedesignated for a particular hands-free head-mounted wearable device.Alternatively, a voiceprint profile can be designated for a particularuser, allowing the user to log into any hands-free head-mounted wearabledevice. This voiceprint profile can be stored locally on a hands-freehead-mounted wearable device and/or on a server in the cloud. Such auser voiceprint profile can be dynamically updated over time such thatthe very common words are constantly tailored to a particular user. Suchdynamic updating can occur over at determined time instances such thatthe user voiceprint profile can be up-to-date as a user's work and/oruse of the hands-free head-mounted wearable device changes over time.

With reference to FIG. 6, a process flow is provided showing anembodiment of method 600 for authenticating a user using a voiceauthentication system, in accordance with embodiments of the presentdisclosure. The method 600 may be performed at least in part, forinstance, by the head mount display 320 of FIG. 3. Each block or step ofmethod 600 and other methods described herein can comprise a computingprocess that may be performed using any combination of hardware,firmware, and/or software. For instance, various functions may becarried out by a processor executing instructions stored in memory. Themethods may also be embodied as computer-usable instructions stored oncomputer storage media. The methods may be provided by a stand-aloneapplication, a service or hosted service (stand-alone or in combinationwith another hosted service), or a plug-in to another product, to name afew. Aspects of method 600 can be performed, for example, byauthentication engine 412, as illustrated in FIG. 4.

Once a user is registered in a voice authentication system, the user isable to log into one or more hands-free head-mounted wearable devices.The voice authentication system can be used to perform an initialsign-in to a device, maintain the login of a user for the device, and/orutilize additional security features to ensure protection of the deviceover time.

At block 602, an initial log-in request to sign into a hands-freehead-mounted wearable device can be received. At block 604, access canbe allowed when valid authentication is determined. Initialauthentication of a hands-free head-mounted wearable device can use anylogin technique that allows a user to gain access to devicefunctionality. For instance, a display of the hands-free head-mountedwearable device can be presented to a user with words assigned tonumbers. The user can the use the word associations to log into thedevice in using words matched up with the numbers of their PIN, ensuringa secure login. Another technique allows a user to speak a promptedphrase that is then matched with the user's enrolled profile. Forinstance, a user can be prompted to speak their full name and then thesound, cadence, etc. of the spoken name can be compared with the user'sstored name profile.

At block 606, as a user utilizes a hands-free head-mounted wearabledevice, voiceprints can be collected. Collected voiceprints can includerecordings of entire user sessions with the device. Alternatively, or inaddition, collected voiceprints can be random samplings from a usersession(s).

At block 608, collected voiceprints can be compared with a registeredvoiceprint profile for a user. This collection and comparison ofvoiceprints can be designated as a secondary authentication of a user.Secondary authentication can take place at designated time intervalsafter an initial sign-in to a device (e.g., every 15 minutes, everyhour, every three hours, etc.). Advantageously, secondary authenticationensures that as a hands-free head-mounted wearable device is used forextended periods of time, the individual using the device is the sameuser that performed the initial authentication. Alternatively, thesecondary authentication can ensure that if a new individual is usingthe device, the new individual is authorized to use the device based.For instance, when a user's very common words in the registered uservoiceprint profile include “job order”, “gotta get going”, “opendocuments”, “navigate back”, and “navigate home” and the user of thedevice continues to use these phrases, the maintenance component canallow the secondary authentication. Such a comparison can be based on afrequency of use of the very common words. Such a comparison can also bebased on an evaluation of a very common word uttered by the user of adevice and a corresponding very common word stored in a user voiceprintprofile. Such an evaluation can be based on an analysis of frequency,duration, and amplitude.

At block 610, if the collected voiceprint(s) for very common word(s)does not match a user voiceprint profile, at block 612, the user islogged out of the headset. At block 610, if the collected voiceprint(s)for very common word(s) matches a user voiceprint profile, at block 614,the user remains logged into the headset and authentication ismaintained. As the secondary authentication is ongoing, the method canreturn to block 606 and additional voiceprints can be collected suchthat authentication continues periodically at predefined intervals(e.g., every 15 minutes, every hour, every three hours, etc.).

Additional security measures can be implemented at block 616 and/or 622.Advantageously, adding security measures can create another layer ofprotection beyond voice authentication. Such security measures can beexecuted using policies that can be adjusted based on needs. Forinstance, security measures in one working environment can differ fromanother working environment which can differ from a home environment orpublic environment.

At block 616, a determination can be made whether the hands-freehead-mounted wearable device is detected to be on the body of a user. Atblock 618, if the device is determined to not be detected on a user'sbody, at block 616, the user is logged out of the headset. At block 616,if the is detected to be on a user's body, at block 620, the userremains logged into the headset and authentication is maintained. Thisdetection can be determined using sensors of the device such that if thedevice remains still for an amount of time, a determination is made thatthe device is not on the body of a user.

At block 622, a determination can be made the number of sign-ins of adevice without cloud validation (e.g., device check-in) are under apreset number. A security policy can be set for a device that accessusing a user's voiceprint profile can expire after a certain number ofsign-ins to the hands-free head-mounted wearable device. Specifically,the policy can be set such that when a device fails to connect to acloud implemented device check-in, a user can be prevented fromauthenticating the device until the device is connected to the check-in.Such a policy is advantageous because requiring devices to connect to acloud-based check-in ensures that devices can be easily tracked. Usingauthentication and such a check-in results in a hybrid local andcloud-based voice authentication system. At block 622, if the device isdetermined to exceed a preset number of sign-ins without cloudvalidation, at block 624, the user is logged out of the headset. Atblock 622, if the device is determined to not exceed a preset number ofsign-ins without cloud validation, at block 626, the user remains loggedinto the headset and authentication is maintained. In practice, blocks622-626 can be performed concurrently to an initial login request from auser (e.g., concurrently with blocks 602-604). In other embodiments,blocks 622-626 can be performed subsequent to initial login request froma user.

Having described various embodiments of the invention, an exemplarycomputing environment suitable for implementing embodiments of theinvention is now described. With reference to FIG. 7, an exemplarycomputing device is provided and referred to generally as computingdevice 700. The computing device 700 is but one example of a suitablecomputing environment and is not intended to suggest any limitation asto the scope of use or functionality of the invention. Neither shouldthe computing device 700 be interpreted as having any dependency orrequirement relating to any one or combination of componentsillustrated.

Embodiments of the invention may be described in the general context ofcomputer code or machine-useable instructions, includingcomputer-useable or computer-executable instructions, such as programmodules, being executed by a computer or other machine, such as apersonal data assistant, a smartphone, a tablet PC, or other handhelddevice. Generally, program modules, including routines, programs,objects, components, data structures, and the like, refer to code thatperforms particular tasks or implements particular abstract data types.Embodiments of the invention may be practiced in a variety of systemconfigurations, including handheld devices, consumer electronics,general-purpose computers, more specialty computing devices, etc.Embodiments of the invention may also be practiced in distributedcomputing environments where tasks are performed by remote-processingdevices that are linked through a communications network. In adistributed computing environment, program modules may be located inboth local and remote computer storage media including memory storagedevices.

With reference to FIG. 7, computing device 700 includes a bus 710 thatdirectly or indirectly couples the following devices: memory 712, one ormore processors 714, one or more presentation components 716, one ormore input/output (I/O) ports 718, one or more I/O components 720, andan illustrative power supply 722. Bus 710 represents what may be one ormore busses (such as an address bus, data bus, or combination thereof).Although the various blocks of FIG. 7 are shown with lines for the sakeof clarity, in reality, these blocks represent logical, not necessarilyactual, components. For example, one may consider a presentationcomponent such as a display device to be an I/O component. Also,processors have memory. The inventors hereof recognize that such is thenature of the art and reiterate that the diagram of FIG. 7 is merelyillustrative of an exemplary computing device that can be used inconnection with one or more embodiments of the present invention.Distinction is not made between such categories as “workstation,”“server,” “laptop,” “handheld device,” etc., as all are contemplatedwithin the scope of FIG. 7 and with reference to “computing device.”

Computing device 700 typically includes a variety of computer-readablemedia. Computer-readable media can be any available media that can beaccessed by computing device 700 and includes both volatile andnonvolatile media, removable and non-removable media. By way of example,and not limitation, computer-readable media may comprise computerstorage media and communication media. Computer storage media includesboth volatile and nonvolatile, removable and non-removable mediaimplemented in any method or technology for storage of information suchas computer-readable instructions, data structures, program modules, orother data. Computer storage media includes, but is not limited to, RAM,ROM, EEPROM, flash memory or other memory technology, CD-ROM, digitalversatile disks (DVDs) or other optical disk storage, magneticcassettes, magnetic tape, magnetic disk storage or other magneticstorage devices, or any other medium which can be used to store thedesired information and which can be accessed by computing device 700.Computer storage media does not comprise signals per se. Communicationmedia typically embodies computer-readable instructions, datastructures, program modules, or other data in a modulated data signalsuch as a carrier wave or other transport mechanism and includes anyinformation delivery media. The term “modulated data signal” means asignal that has one or more of its characteristics set or changed insuch a manner as to encode information in the signal. By way of example,and not limitation, communication media includes wired media, such as awired network or direct-wired connection, and wireless media, such asacoustic, RF, infrared, and other wireless media. Combinations of any ofthe above should also be included within the scope of computer-readablemedia.

Memory 712 includes computer storage media in the form of volatileand/or nonvolatile memory. The memory may be removable, non-removable,or a combination thereof. Exemplary hardware devices include solid-statememory, hard drives, optical-disc drives, etc. Computing device 700includes one or more processors 714 that read data from various entitiessuch as memory 712 or I/O components 720. Presentation component(s) 716presents data indications to a user or other device. Exemplarypresentation components include a display device, speaker, printingcomponent, vibrating component, and the like.

The I/O ports 718 allow computing device 700 to be logically coupled toother devices, including I/O components 720, some of which may be builtin. Illustrative components include a microphone, joystick, game pad,satellite dish, scanner, printer, wireless device, etc. The I/Ocomponents 720 may provide a natural user interface (NUI) that processesair gestures, voice, or other physiological inputs generated by a user.In some instances, inputs may be transmitted to an appropriate networkelement for further processing. An NUI may implement any combination ofspeech recognition, touch and stylus recognition, facial recognition,biometric recognition, gesture recognition both on screen and adjacentto the screen, air gestures, head and eye tracking, and touchrecognition associated with displays on the computing device 700. Thecomputing device 700 may be equipped with depth cameras, such asstereoscopic camera systems, infrared camera systems, RGB camerasystems, and combinations of these, for gesture detection andrecognition. Additionally, the computing device 700 may be equipped withaccelerometers or gyroscopes that enable detection of motion. The outputof the accelerometers or gyroscopes may be provided to the display ofthe computing device 700 to render immersive augmented reality orvirtual reality.

Some embodiments of computing device 700 may include one or moreradio(s) 724 (or similar wireless communication components). The radio724 transmits and receives radio or wireless communications. Thecomputing device 700 may be a wireless terminal adapted to receivecommunications and media over various wireless networks. Computingdevice 700 may communicate via wireless protocols, such as code divisionmultiple access (“CDMA”), global system for mobiles (“GSM”), or timedivision multiple access (“TDMA”), as well as others, to communicatewith other devices. The radio communications may be a short-rangeconnection, a long-range connection, or a combination of both ashort-range and a long-range wireless telecommunications connection.When we refer to “short” and “long” types of connections, we do not meanto refer to the spatial relation between two devices. Instead, we aregenerally referring to short range and long range as differentcategories, or types, of connections (i.e., a primary connection and asecondary connection). A short-range connection may include, by way ofexample and not limitation, a Wi-Fi® connection to a device (e.g.,mobile hotspot) that provides access to a wireless communicationsnetwork, such as a WLAN connection using the 802.11 protocol; aBluetooth connection to another computing device is a second example ofa short-range connection, or a near-field communication connection. Along-range connection may include a connection using, by way of exampleand not limitation, one or more of CDMA, GPRS, GSM, TDMA, and 802.16protocols.

Many different arrangements of the various components depicted, as wellas components not shown, are possible without departing from the scopeof the claims below. Embodiments of the present invention have beendescribed with the intent to be illustrative rather than restrictive.Alternative embodiments will become apparent to readers of thisdisclosure after and because of reading it. Alternative means ofimplementing the aforementioned can be completed without departing fromthe scope of the claims below. Certain features and sub-combinations areof utility and may be employed without reference to other features andsub-combinations and are contemplated within the scope of the claims.

What is claimed is:
 1. A non-transitory computer storage medium storingcomputer-useable instructions that, when used by one or more computingdevices, cause the one or more computing devices to perform operationscomprising: receiving a request to register a user in a voiceauthentication system, wherein registration generates a user voiceprintprofile; based on receipt of the request, collecting voiceprints ofwords uttered by the user during a plurality of sessions; determining aset of words most-frequently uttered by the user based on the collectedvoiceprints of words uttered by the user during the plurality ofsessions; generating the user voiceprint profile comprised of one ormore voiceprints of the collected voiceprints associated with the set ofmost-frequently uttered words, wherein the user voiceprint profile isutilized for an ongoing secondary authentication process that comparesthe user voiceprint profile to additional voiceprints collected during apreviously-authenticated session of a hands-free head mounted wearabledevice in order to maintain the previously-authenticated session; afterthe user voiceprint profile is generated, collecting further voiceprintsof words uttered by the user during one or more additional sessions;determining an updated set of words most-frequently uttered by the userbased on the collected voiceprints of words and the collected furthervoiceprints of words; and updating the user voiceprint profile with theupdated set of most-frequently uttered words.
 2. The medium of claim 1,wherein the user voiceprint profile is compared to the additionalvoiceprints based on at least one of a frequency, a duration, and anamplitude of the additional voiceprints and the one or more voiceprintsof the collected voiceprints associated with the set of most-frequentlyuttered words.
 3. The medium of claim 1, wherein generating the uservoiceprint profile further comprises selecting a predefined number ofthe set of most-frequently uttered words to store in the user voiceprintprofile.
 4. The medium of claim 1, the operations further comprising:associating the user voiceprint profile with one or more authorizedhands-free head-mounted wearable devices, wherein the user voiceprintprofile allows the user to authenticate the one more authorizedhands-free head-mounted wearable devices during use based on the ongoingsecondary authentication process.
 5. The medium of claim 1, theoperations further comprising: associating the user voiceprint profilewith the user, wherein the user voiceprint profile allows the user toauthenticate one more authorized hands-free head-mounted wearabledevices during use based on the ongoing secondary authenticationprocess.
 6. A computer-implemented method, the method comprising:obtaining a plurality of voiceprints for a user having authenticatedaccess to a hands-free head mounted wearable device, the plurality ofvoiceprints corresponding to words uttered by the authenticated user andcollected over a plurality of sessions, wherein the authenticated accessis based on a PIN; determining a set of words most-frequently uttered bythe authenticated user based on the plurality of voiceprints; generatinga user voiceprint profile based on the set of most-frequently utteredwords, the user voiceprint profile including a portion of the pluralityof voiceprints corresponding to the set of most-frequently utteredwords, wherein the user voiceprint profile is utilized for an ongoingsecondary authentication process that compares the user voiceprintprofile to additional voiceprints collected during another authenticatedsession of a hands-free head mounted wearable device in order tomaintain the other authenticated session; after the user voiceprintprofile is generated, collecting further voiceprints of words uttered bythe authenticated user during one or more additional sessions;determining an updated set of words most-frequently uttered by theauthenticated user based on the set of most-frequently uttered words andthe collected further voiceprints of words; and updating the uservoiceprint profile with the updated set of most-frequently utteredwords.
 7. The method of claim 6, wherein the ongoing secondaryauthentication process is performed periodically at predefined intervalsduring the new authenticated session.
 8. The method of claim 6, furthercomprising: terminating the other authenticated session when theadditional voiceprints fail to match to the user voiceprint profile. 9.The method of claim 6, further comprising: determining, using a sensorof the hands-free head-mounted wearable device, that the hands-freehead-mounted wearable device is separate from the user's body; andterminating the other session of the hands-free head-mounted wearabledevice based on the determination that the hands-free head-mountedwearable device is separate from the user's body.
 10. The method ofclaim 6, further comprising: terminating the other session based on adetermination that a number of times a cloud implemented device isinaccessible exceeds a preset number.
 11. The method of claim 6, whereinthe user voiceprint profile is for the user having the authenticatedaccess.
 12. A computerized system comprising: one or more processors;and one or more computer storage media storing computer-usableinstructions that, when used by the one or more processors, cause theone or more processors to: collect voiceprints of words uttered by auser, via a microphone, during a session of a hands-free head-mountedwearable device, wherein the session is authenticated based on a PIN ofthe user; compare the voiceprints with another set of voiceprintscorresponding to a set of words determined to be most-frequently utteredby the user during a plurality of sessions previously-authenticatedbased on the PIN, the other set of voiceprints being stored in a uservoiceprint profile for the user and utilized to perform a secondaryauthentication that maintains the session; determine an updated set ofwords most-frequently uttered by the user based on the most-frequentlyuttered set of words and the other set of voiceprints; and update theuser voiceprint profile with the updated set of most-frequently utteredwords.
 13. The computer system of claim 12, wherein the most-frequentlyuttered set of words includes a preset number of words.
 14. The computersystem of claim 12, wherein the comparison of voiceprints includes ananalysis of at least one of a frequency, a duration, and an amplitude ofthe voiceprints and the other set of voiceprints.
 15. The computersystem of claim 12, further causing the one or more processors to:determine a number of times a cloud-implemented authentication device isinaccessible from the hands-free head-mounted wearable device, and basedon determining that the number of times the cloud-implementedauthentication device is inaccessible exceeds a preset number, terminatethe session of the hands-free head-mounted wearable device.